Existek > Case studies > Desktop Apps > Behavioral identification app

Behavioral identification app

An application that perceives user authentication not as the event, but as the whole process from the login to logout. AI-based behavioral identification component collects user’s behavioral biometric data, analyzes it, and records it for analysis of the next authentications.

Short summary

Client: An ISV provider of software for enterprise information security.

Need: To develop a solution that provides biometric authentication for enterprise security on both Windows OS system and centralized data levels.

Challenge: One of the features required modification of Windows login screen which is a very complex task since this is a security feature. The client lacked the know-how to implement this mission-critical feature. Besides this, they required standard web and desktop development services.

Solution: Existek has a very specific desktop development experience and after research, we managed to find a way to implement the feature that was the main selling point of the product.

Impact: We built one of a kind solution that provided our client with competitive advantage and helped to sign up a number of big enterprise customers.

Location

Platforms

Technologies

Duration

6 months

Team size

6 specialists
Core features
Discovery stage
Development and testing
Project summary

What’s the app for?

Smart Login is an application that ensures enterprise security. Even longest passwords with numbers and symbols are quite weak when talking about large organizations. The business information locked behind the login credentials can be literally priceless so the malefactors are focusing their efforts on this kind of data in the first place. So, we’ve created Smart Login as a solution for this challenge. It collects individual behavioral biometrics data like the delay between keystrokes for the particular person to ensure secure authentication.

Core features

Application architecture

Authentication module
Biometrics data collection
Behavioral data analytics
Security admin panel

Authentication module

The method we implemented looks like the standard Windows login screen and doesn’t require any additional actions from the users.

It collects the individual behavioral biometrics data like the delays between keystrokes for the particular person, sends this information to the backend for the analysis of the common patterns by the AI, creates the user’s biometric profile for further matching each login with this profile. So, in case anybody would manage to steal the credentials the access won’t be granted because behavioral patterns don’t match. The AI is learning and adapting to the user’s behavior if he or she would start to enter the password faster with the time etc.

The application serves as an extra layer of security after the standard Windows user password check.

application demo

Security admin panel

The pillars of the enterprise cybersecurity are the centralized control of the access to each workstation, logs of the login attempts, user management, automatic monitoring of suspicious activity, and ability to restrict the access remotely.

To provide customers with this functionality, we needed to make possible the quick and reliable transfer of this data to the admin panel that gives access to the whole system and its accumulated data.

Authentication dashboard

This tab provides administrators with the statistics related to authentication. It shows the number of authentications performed during a particular period of time, including both successful and failed attempts. In addition, it presents the data on continuous authentication, which is the user behavior from the whole session: from login to logout.

application demo

Behavior check settings

Through the admin panel, administrators can make the verification more or less strict. They can enable all layers of authentication, such as keystroke and mouse biometrics, or disable them for a particular user or in general.

application demo

User management

Administrators always have up-to-date information on all system users, and statistics about their behaviour. The AI component defines the level of risk caused by an authentication attempt. This data is recorded into one’s personal account.

application demo

Discovery stage

icon

Who we build for

Our client is an ISV provider of software solutions for enterprise information security based in Victoria, Canada.
icon

Goals

  • Modification of the Windows login screen service and interface for the additional authentication method
  • Interception of the keystrokes metrics on the Windows user login screen
  • Add-on development and integration with the Windows login security service for two-factor authentication
  • Integration with the backend AI-based service to collect, analyze and store the biometrics data
  • Integration with the administration dashboard for the complete system management
icon

Solution

Our team has built a multi-layered system that follows a certain workflow. On the login screen, security solution captures all keystrokes and the behavioral data and sends it to the server for the analysis and for shaping the user profile after each successful login. When the profile is created, the application sends the data to the server where it is compared with the user biometric profile created by AI after some number of successful authentications confirmed by Windows.

Integration with Windows Hello Aunthentication Screen

Implementation of such solution required us a deep understanding of low-level desktop OS architecture. The product interferes the Windows login screen which is one of the most complex tasks considering the security-based nature of this feature and all the layers of protection.

Windows hello screen

We needed to integrate with the Windows security service through the Credential Provider (ICredentialProvider, ICredentialProviderCredential2) feature and make the invisible users integration with the Windows login screen.

We also implemented a Windows Installer (MSI) using Wix which installs Custom Credential Provider to a target machine either manually or using a group policy deployment.

icon

Collected requirements

Client's vision and main goals
  • Windows login screen modification for an additional authentication method
  • Implementing two-factor authentication
  • AI-based backend service for data analysis
  • Admin panel development
icon

Discovery stage

How we conducted the requirements analysis
  • We assined a dedicated business analyst and project manager
  • Performed more than 10 requirements analysis calls
  • Produced diagrams and supplementary files to add to the SRS document
icon

Deliverables

What EXISTEK produced during the analysis stage
  • A Software Requirements Specification (SRS) document
  • A System Architecture Document and a Database Design
  • The final estimation of the project timeline and cost
  • A detailed project plan with milestones and sprints
content_image

SRS Document Contents

  • User stories
  • Acceptance criteria
  • Business rules
  • User roles
  • Database design
  • Wireframes
  • System architecture

Highlights

12
meetings
conducted for discovery between the client and EXISTEK team
200
hours
spent by our business analysts for calls and documentation
5
weeks
actual duration of the discovery stage
conducted for discovery between the client and EXISTEK team
spent by our business analysts for calls and documentation
actual duration of the discovery stage

Development and testing

Technologies

As we needed to access the Windows login feature, of course, the frontend technology choice fell on WPF and Windows Forms. Also, we needed a reliable and secure backend. For this, we’ve chosen C++ that has proven itself to be a credible technology.

Backend

#10

C++ takes the 10 place among the most popular languages

10k+

professional developers use C++

Frontend

10+

popular languages can be used to program for the Windows platform

#1

IDE - Visual Studio - is used for WPF

Development tools

jira

785

tasks in Jira visible to the client

20k+

people can use Jira simultaneously

Technologies used by

Development roadmap

Predictability is highly appreciated when we’re speaking about the project plan. Understanding the timeframes of each milestone and sprint gives the feeling of stability and security, which is valuable for the client and for us. EXISTEK takes no prepayments for milestone planning until all development steps are accepted by the customer.

development roadmap picture

Team composition

The dedicated team model has long proved its effectiveness. We offer a team of specialists that have already worked together on numerous projects, and know what organizational approach will be the most suitable for them and will lead to the quick result delivery.

developer photo

Backend developer

Boris
developer photo

Frontend developer

Sergey
developer photo

UI/UX designer

Alexander
developer photo

Business analyst

Anton
developer photo

Project manager

Volodymyr
developer photo

QA engineer

Olga

How we ensure visibility for the client

We try to make the development process as transparent and understandable for the customer as possible. We achieve it by keeping constant communication with them, reporting the performed work, and sharing our plans for each sprint and milestone.

icon
Weekly progress calls
icon
Agile development methodologies
icon
Dedicated project and account managers

Highlights

2500
hours
spent by the development team on coding
250
hours
of project manager's engagement
1050
hours
time dedicated to quality assurance
20
weeks
duration of the development stage
spent by the development team on coding
of project manager's engagement
time dedicated to quality assurance
duration of the development stage

Project summary

Our goal was to create an enterprise app that will provide more security than long complex passwords. It had to protect the system from malware, social hacking, fishing, brute-attacks, leaks of the passwords databases, and other uncommon threats.

Leveraging our unique expertise in desktop operating systems architecture we helped to develop a robust product that completely eliminates those potential threats to the enterprise cybersecurity. Besides everything else, we managed to complete that almost impossible task of modifying the Windows login feature and successfully integrate it into the innovative and security software platform.

Development

5 weeks 20 weeks 3 weeks
Design & documentation Launch & support
result stages picture

Development

5 weeks

Design & documentation

20 weeks

Launch & support

3 weeks

Highlights

6
developers
working on a project
20
screens
in an admin panel
6
months
to deliver an application
working on a project
in an admin panel
to deliver an application

    Let's start a project together!

    You're not going to hit a ridiculously long phone menu when you call us. Your email isn't going to the inbox abyss, never to be seen or heard from again. At Existek, we provide the exceptional service and communication we'd want to experience ourselves!




    phone

    Call us

    +1 650 457 0743
    location icon

    Our locations

    Ludwika Warynskiego 3a,
    Warsaw, Poland, 00-645
    Strada Banu Antonache 40-44,
    Bucharest, Romania, 011663
    Kosmonavtiv Ave, 39
    Vinnytsia, Ukraine, 21021
    pen icon

    Drop us a line

    contact@existek.com